The top 5 email encryption tools: More capable, better integrated

Most of the email encryption solution vendors have broadened the scope of their products to include anti-phishing, anti-spam, and data loss prevention (DLP).

Email encryption  >  A key + a three-dimensional 'at' symbol bearing a series of locks.
Thinkstock

The world of email encryption has changed significantly in the past few years. The leading tools are evolving, each in their own way:

  • HPE/Voltage SecureMail is now part of Micro Focus, part of an acquisition of other HPE software products
  • Virtru Pro has extended its product with new features and integrations
  • Inky no longer focuses on an endpoint encryption client and has instead moved into anti-phishing
  • Zix Gateway rebranded and widened its offerings
  • Symantec Email Security.cloud has added integrations

Before I get into the details of these tools, let’s look at several trends in the email encryption arena.

Email encryption trends

Vendors are widening the focus of encryption

Encryption continues to become easier to use and more capable. Now encryption is moving in an interesting direction. Vendors have begun to see the encryption forest instead of individual trees and have widened their focus. Email encryption has become just one feature in an entire email protection portfolio that includes anti-spam, anti-phishing and data loss prevention (DLP). No single vendor offers a complete portfolio, and some are stronger in certain areas. I will get to those specifics in the next section.

Support for G Suite and Microsoft Office

Second, most vendors now offer support for the complete Google G Suite and Microsoft Office product lines, including desktop, mobile and cloud instances of both vendors’ software tools. In some cases, this extends backwards to earlier Office and Outlook versions.

Partnerships have become more important

Almost every major encryption vendor has either made key business acquisitions, integrated their technology with other application vendors or their own DLP products, expanded their partnership and reseller programs, or some combination of these elements. As encryption has moved beyond messaging applications, it must take into consideration protecting all kinds of data transfer, whether they be simple file shares on a network drive, records in a database, or emails. This places more of a challenge on vendors to deliver full-fledged solutions that can be deployed across the entirety of a corporate digital domain.

Email authentication protocols becoming more popular

While not encryption, authentication protocols are useful tools to filter out spam and phishing messages. According to a study done earlier this year by 250ok of more than 25,000 domains, adoption has increased by 5% overall since last year and nearly a quarter of these domains show some level of adoption.

This could be caused by two factors. One is the use of DMARC, DKIM and SPF protocols has been encouraged thanks to the mandate by the U.S. federal government issued in 2017. Second is as phishing attacks continue to plague corporations, IT managers have become more motivated to use these protocols to protect their digital infrastructure.

“We have observed that once a domain enforces use of these protocols, attempts to impersonate it generally fall off, as phishers realize their faked messages are no longer being delivered,” a Valimail report on email fraud trends cites. That report shows that there is still room to grow: U.S. tech companies, Crunchbase unicorns, and US banks are the only categories of companies with more than 30% of domains enforcing these protection policies. In the past two years, Valimail and Agari have become leading vendors providing specialized DMARC, DKIM and SPF protection.

Support varies among the encryption providers for the three protocols. Zix and Symantec handle all three. Inky uses these protocols as “minor elements of its solution,” according to company representatives, mainly because it uses its own algorithms to detect phishing and spoofing. Voltage supports DMARC and SPF but not DKIM.

Encryption spans several functional methods

This includes web-based zero-clients (what Voltage calls “identity-based encryption”), support for mobile clients, automatic registration, key management (either hosted or on-premises), gateways, and end-to-end encryption. Many vendors now offer both push (where a recipient is sent an encrypted attachment) and pull (where a recipient is notified to pick up their encrypted message), and they automatically detect whether a recipient is using TLS or PGP or other encryption systems.

Zix is probably still the go-to vendor that has the widest offering here. As email usage has grown to encompass a variety of different clients and situations, email encryption has grown along with it to protect these situations. 

Encryption tools embrace various multi-factor authentication methods

This includes OAuth and smartphone apps. Zix and Symantec both offer a wide collection of methods. Voltage supports both Google Authenticator and its own Micro Focus smartphone authenticator app. Inky supports the Microsoft authenticator tools.

Top email encryption providers

Inky

Inky has seen the biggest transformation of its business. In 2017, it was primarily an end-to-end encryption vendor. Now it is focused on anti-phishing protection and with just a few customers requesting custom encryption solutions. Its product works across any business email infrastructure. Its largest customer has 250,000 seats and is priced at $30/user/year.

Virtru

Virtru has added support for Google Drive to its original Gmail/G Suite end-to-end encryption. It also now protects Azure and Office 365 infrastructure, too. The company added integration with McAfee DLP and Titus data protection products, along with key management integration with Intel vPro chipsets.

Its most recent news was the Virtru Developer Hub, an SDK that enables object-level data protection to any app or device. It provides a rich collection of software tools to manage encryption keys, create access policies, and integrate both security and privacy using an open source data format. The vendor declined to provide specific pricing information.

Zix

Zix continues to demonstrate leadership in this market with a collection of products that span the different encryption modalities, including email gateways and end-to-end encryption products. ZixPort is its secure web portal that can be used by any message recipient to decrypt and reply to messages. ZixDirect is its HTML push product that sends you an encrypted message as an attachment. Recipients decrypt these in their browsers. This used to be popular before there were other ways to accomplish encryption.

The company also offers both cloud hosting and on-premises gateway products for the full range of services. Earlier this year, Zix acquired Appriver, which provides spoofing and anti-phishing protection, and is being used by Zix to widen its reseller program. These products are still being sold separately but are being consolidated into ZixProtect, which will offer an integration suite of protection tools that go beyond encryption. Its largest hosting customer has 80,000 seats and their pricing begins at $35/user/year.

Symantec Email Security.cloud

Symantec’s Email Security.cloud continues to be sold and has added integrations with its own and other DLP services. It supports a wide variety of encryption methods, including push and pull, TLS and PGP. It has long offered DLP support and has made it easier to invoke encryption based on policies and keywords contained in messages. Emails are encrypted first and then use DKIM signing before the messages are delivered. Its largest hosting customer has 175,000 seats and their pricing begins at $31/user/year.

Voltage SecureMail

Voltage SecureMail was part of the mass transfer from HPE to Micro Focus of numerous software business units. It more or less remains intact from when it was a separate company. It was one of the first email encryption vendors and early on had both hosted and on-premises versions of its software.

Voltage has added policy-based content inspection and unstructured data protection using technology acquired from Covertix’s SmartCipher. It also added support for Outlook Web Access and end-to-end encryption for Office 365 and desktop Office versions going back to 2010 running SP2. Voltage has mobile clients for iOS, Android and Blackberry devices. It has plans to add a Chrome plug-in and Gmail soon. Pricing for its hosted product starts at $32.50/user/year and it has a 14-day free trial for up to five users. Its largest customer has 35,000 seats.

Copyright © 2019 IDG Communications, Inc.

Get the best of CSO ... delivered. Sign up for our FREE email newsletters!